codebase-research

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (LOW): The skill is configured with access to the Bash tool. While this is used for exploration (e.g., searching files), the ability to execute shell commands represents a significant capability tier. In this context, the risk is mitigated by the skill's primary focus on documentation and the 'Explore' agent role.
  • [PROMPT_INJECTION] (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) because it ingests and summarizes content from external files that could contain malicious instructions.
      • Ingestion points: Files are read via Read, Glob, and Grep tools, as well as by specialized sub-agents (codebase-analyzer, docs-analyzer).
      • Boundary markers: Absent. There are no explicit delimiters or system-level instructions provided to the agent to treat file content as data rather than instructions.
      • Capability inventory: The skill can execute shell commands via Bash, read any file in the workspace, and initiate external network requests through the web-search-researcher sub-agent.
      • Sanitization: Absent. The workflow lacks a validation or sanitization step for the content extracted from the codebase before it is used to generate reports or influence further agent actions.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:45 PM